METHOD AND APPARATUS FOR PROTECTING 
SOFTWARE AGAINST UNAUTHRI ZED USE 



BACKGROUND OF THE INVENTION 
5 1 . Field of the Invention 

The present invention relates generally to a method and 
apparatus for preventing the unauthorized use of software 
programs, and in particular, a method and apparatus of 
preventing the unauthorized use of software programs by 
10 unauthorized hardware devices. 
2. Description of Related Art 

The unauthorized use of software is a common problem for 
software developers and distributors. The use of personal 
computers at home and in the office has become widespread 
15 in the last decade. Software and hardware products provide 
a high level of functionality and their use is growing. 
Particularly, the use of personal computers at home is 
still rising and will extend further on. The more complex 
the software functionality and the greater the effort of 
20 development of the software the more important is the 
protection of software against unauthorized use. Although 
unauthorized copying of computer software is a violation 
of the law, the widespread availability of pirated 
software and limited enforcement capabilities have further 
25 enlarged the extension of software piracy. 

Furthermore, software is distributed in growing number 
in combination with special hardware devices. This 



bounding of hardware devices with corresponding software 
utilities is often done to increase the value of hardware 
devices and to separate the bundled product from 
comparable products of competitors. Proprietary hardware 

5 devices with corresponding software are not subject to the 
problem of using hardware devices with software utilities 
of another manufacturer. But more and more hardware 
devices use standard interfaces to operate in combination 
with different software. Therefore, it is important for 

10 manufacturers to prevent the unauthorized use of software, 
which is developed to be distributed , only in combination 
with the corresponding hardware devices. A further 
consideration of limiting the functionality of software 
with certain hardware devices can be a suitable means to 

15 tie a customer who purchased a hardware device to the same 
manufacturer. For example, the customer has to purchase 
the corresponding software product of the same 
manufacturer in order to gain access to all functions and 
options of the hardware. Therefore, the manufacturer is 

20 capable to calculate a mixed cost for the hardware and 
software products dependent upon the development expense. 

Current methods of preventing the unauthorized use of 
software are not effective enough or a nuisance. The use 
of license keys is not effective as can be seen from the 

25 high number of available tools to remove license key 
inquiries or the huge number of published unauthorized 
license keys in the internet. Methods to generate license 
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keys can often be determined fast. Also, it is not 
possible to monitor the usage of the software and in 
particular which use should only be authorized in 
combination with particular hardware devices. 

5 An effective but uncomfortable method to protect the use 

of software is the use of hardware keys, called "dongles" . 
These external devices execute a certain algorithm to 
produce a code which the computer receives and affords 
access to the software code if the code is correct. While 

10 the use of hardware keys is an effective way to reduce 
software piracy, additional hardware keys raise the 
problem of connecting them to the computer which executes 
the software. Standardized input/output ports are 
available and technically sufficient but conflicts with 

15 other connected hardware occurs often. Hardware keys are 
also costly to produce and the combination with software 
is rather questionable. Hence, effective hardware keys are 
limited economically to software applications of high 
value . 

20 The problem associated with current protection methods 

of software is that there is no method available which 
combines the authorization process of software use with 
the check on certain hardware devices accessed by the 
software . 

25 SUMMARY OF THE INVENTION 

Therefore, there is a need for a secure and 
reasonable method and apparatus to prevent software bound 
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to corresponding hardware devices from unauthorized use. 
The method and apparatus of protecting software against 
unauthorized use does not only secure the software use 
itself but also the unauthorized use of the software with 
5 comparable hardware devices of competitors. This is 
important in case of software which is additionally 
available. In order to employ the method and apparatus of 
the present invention at least one hardware device has to 
comprise a unique unalterable identification sequence such 
10 as identification numbers, serial numbers or other 
embedded unique code sequences which can be read out by 
the software and enable an unambiguous identification. 
This object is attained by the appended claims of the 
present invention. 
15 a license key stored in the software or accessible by 

the software is required for executing the software. The 
kind of access of the software to the license key depends 
on the device able to execute the software. It is 
advantageous to store the license key in a separate file 
20 when the software is developed to be executed on a common 
personal computers. The software reads out the unique 
hardware identification sequence from the associated 
hardware module. The license key contains also at least 
one hardware identification sequence. The read out 
25 sequence and the contained sequences are compared. The use 
of the software is permitted and execution is allowed if 
both sequences match. The contained hardware 



identification sequences are co-coded in a license key 
which can also contain an additional classical software 
license key. The additional classical software license key 
can contain further software related information, e.g. 
5 sequences to identify the software program, sequences to 
identify the manufacturer or distributor of the software 
program and the like. The comparison of the contained 
hardware identification sequence and the read out 
identification sequence by the software allows to select 
10 between different authorization conditions. Therefore, it 
is possible to allow the use of the software by a certain 
sequence of identified hardware devices comprising the 
correct hardware identification sequence. The software 
license key need not only contain a single hardware 
15 identification sequence but a variety of sequences could 
be contained wherein only one or some contained sequences 
have to match. The hardware devices have not to be 
connected electrically to the computer or a comparable 
device able to execute the software since wireless 
20 connections are getting more and more important especially 
also for home use. 

Preferably, the hardware numbers which are contained 
in the license key are encrypted. There are several 
methods to encrypt the desired hardware identification 
25 sequences and co-code them in the required license key. 

Conveniently, the encrypted hardware identification 
sequences are decrypted by using a secret key. This secret 



key is implemented and coded in the software code, 
respectively. The manufacturer or distributor of the 
software has to know the hardware identification sequences 
of the corresponding hardware devices which should be 

5 contained in the license key. The same secret key is used 
for encrypting this sequence and for decrypting. A 
comparable method is to use a secret algorithm instead of 
a secret key. The same algorithm is used to encrypt as 
also to decrypt the hardware identification sequences 

10 contained in the license key. Therefore, this algorithm 
has to be implemented or coded in the software code, 
respectively. These two methods offer a relative 
protection against unauthorized use of the software. 
Moreover, these methods are implemented economically in 

15 software utilities of low costs. 

More preferably, a public key encryption method is 
used to generate the license key and to retrieve the 
hardware identification sequences during the software 
execution. A public key encryption method requires two 

20 different keys, the secret key and the public key. The 
secret key is used to encrypt data which can only be 
decrypted using the public key. Contrary to the above 
described encryption methods the encryption key or method 
can not be extracted out of the software code. The secret 

25 key has not been implemented in the distributed software 
since the public key is sufficient to decrypt the 
contained hardware identification sequences. The secret 
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key has only to be known to the responsible license key 
generating authority. The public key can be implemented in 
the software code but also submitted in combination with 
the license key or obtained via a web page or the like. 
5 Conveniently, a freely obtainable public key and 

information about the internal format of the license key 
would enable the possibility of constructing a "hacked" 
key for certain unauthorized hardware devices since the 
software program is not able to distinguish between a 
10 legal public key of an authorized party and a public key 
of an unauthorized source. Therefore, the coding of the 
public key is advantageous. 

Additionally, to prevent the simultaneous exchange of 
public key and license key, which would allow the 
15 unauthorized use of the software, the public key can be 
signed by a third authority. This signed public key is 
called generally a certificate. However, the signing of a 
key is based again on a public key encryption method 
described above. A corresponding pair of keys is used for 
20 encryption and decryption. The corresponding pair of keys 
is provided by a third party key authority often 
specialized for key providing. The public key of the 
manufacturer or distributor of the software is encrypted 
by the secret key of the third party key authority. In 
25 order to gain the public key which is used to decrypt the 
hardware identification sequences contained in the license 
key the corresponding public key of the third party key 



authority is applied to the certificate in order to 
decrypt the certificate. The staggered encryption by 
applying two secret keys each known to different 
independent key authorities makes it more difficult to 

5 overcome the protection of the software in favor of 
unauthorized use. 

In case of the above described usage of a certificate 
distributed by the manufacturer or distributor of the 
software and a public key of a third key authority it is 

10 possible to distribute both the certificate and the third 
party public key via freely accessible sources. Possible 
sources can be for example a WEB server of the 
manufacturer or distributor providing the necessary 
certificate via WEB pages and download availability and 

15 providing additionally a hyperlink to WEB pages of the WEB 
server of the third party key authority in order to offer 
a complete set of certificate and public key to the 
vendor . 

Preferably, the software program is bond to at least 
20 one network interface module. Network interface modules 
comprise a unique identification sequence of worldwide 
validity known as medium access control layer (MAC) 
address. The MAC address is perfectly suited for use as 
unique identification sequence. More preferably, the 
25 software program is bond to at least one Bluetooth™ module 
which comprises also a worldwide valid MAC address. 
BRIEF DESCRIPTION OF THE DRAWINGS 



Throughout the following, reference numerals will be 
used in the drawings, and like reference numerals will be 
used throughout the figures in the description to describe 
corresponding parts of embodiments of the invention. 
5 Fig. 1 is a flow chart illustrating the method 

steps performed to activate the protected software the 
first time; 

Fig. 2 is a flow chart illustrating the method 
steps performed to activate repeatedly the protected 
10 software after the first activation; 

Fig. 3 shows a possible arrangement of two 
personal computers each equipped with a Bluetooth™ network 
interface as a further example of a hardware arrangement; 

Fig. 4 shows a possible arrangement of a mobile 
15 terminal and a mobile phone each equipped with a 
Bluetooth™ network interface as a further example of a 
hardware arrangement ; and 

Fig. 5 shows a further embodiment involving a 
controller unit like a mobile phone or a personal computer 
20 both equipped with a Bluetooth™ network interface to 
control a home electronic device like DVD-Player, VCR- 
Recorder . 

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT 

Fig. 1 shows a flow chart as applied to apparatus 
25 used in implementing the present invention. The flow chart 
illustrates an embodiment according to the method and 
apparatus of the present invention. The shown embodiment 

9 



applies the above described public key encryption method 
in combination with a signed public key and certificate, 
respectively. 

A typical exemplary scenario shall be described below 
5 to enlighten the virtue of the software protection method 
against unauthorized use. Hardware devices and the 
corresponding software can be purchased via the internet 
using a web shop of the manufacturer or distributor or via 
a classical shop. If the purchase is performed via the 
10 internet contact information like mail address or e-mail 
address are submitted to the vendor. The hardware devices 
and the corresponding software are put together and sent 
to the purchaser. The respective hardware identification 
numbers can be obtained for example by the serial number 
15 of the hardware products. The unique hardware 
identification numbers and serial numbers are linked by a 
database system. To allow the use of the software also the 
license key has to be submitted to the purchaser. The 
hardware identification numbers are encrypted using a 
20 secret key according to a public key encryption method. In 
order to ensure a certain security of the secret key the 
encryption of the hardware identification numbers and the 
coding of the encrypted numbers in the license key should 
be performed by a single key authority to avoid a wide 
25 distribution of the secret key. The generated license key 
is submitted using preferably another way of submission. 
It is also possible that the license key has to be 
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requested by the user. The user submits for example the 
serial number of the hardware devices in his property or 
the unique hardware identification numbers determined by a 
special software tool and a contact address to the key 
5 authority. The key authority has to be able to check the 
hardware numbers to ensure that the hardware device is 
authorized to be used in combination with the software. 
The user is now in possession of the hardware devices, the 
corresponding software and a personal license key. 

10 A public key according to the secret key has also to 

be provided. Coding of the public key would be the 
simplest but also an unsafe way of providing. According to 
the currently preferred embodiment the public key is 
provided as a certificate or signed public key. The signed 

15 public key involves a third party key authority which 
encrypts the public key according to the secret key used 
for encrypting the hardware identification numbers 
contained in the license key. Both the signed public key 
and the public key of the third party key authority can be 

20 submitted to the user via e-mail or can be accessed by the 
user using the internet. 

The software can now decrypt the hardware 
identification numbers of the license key in a two step 
decryption. In a first decryption step the signed public 

25 key or certificate, respectively, is decrypted using the 
public key of the third party key authority. This 
decryption results in the public key of the manufacturer 
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or distributor. The following second decryption step 
involving the gained public key and the license key 
results in revelation of the hardware numbers contained in 
the license key. The contained hardware numbers are now 
5 compared with the hardware identification numbers read out 
by the software of the accessible hardware devices. If the 
numbers match access to the software and its execution is 
permitted to the user. In the other case it is for example 
possible to permit access to the software with limited 
10 functionality. 

Due to the additional encryption of the public key 
used for decrypting the license key data the manipulation 
of the software and thereupon the unauthorized use of the 
software is made more difficult in comparison to using a 
15 coded public key for decryption. The certificate ensures 
that only the public key of the manufacturer or 
distributor is a legal public key. Additionally, if the 
certificate and the corresponding public key of the third 
party key authority are submitted in any way parallel to 
20 the submission of the license key, the exchange of the 
keys is easier and once compromised keys can be exchanged 
against new secure ones . 

Fig. 2 is a flow chart illustrating the steps and 
functions of the method and apparatus performed to 
25 activate repeatedly the protected software after the first 
activation. In the present embodiment according to Fig. 2 
the public key of the third party authority or 



certificate, respectively, the public key of the 
manufacturer or distributor and the license key are 
stored. Each time the software is restarted the signed 
public key is decrypted using the public key of the 
5 manufacturer or distributor and subsequent the contained 
hardware identification numbers are decrypted and 
extracted for the license key and compared with the 
accessible hardware devices in order to ensure that the 
authorized hardware devices are used. This proceeding 
10 ensures that the public key of the manufacturer can not be 
exchanged against a public key of an authorized party. 
Hereby, a complete protection against misuse of the 
software program is given. 

Often software programs once installed on a computer 
15 system can not be copied and reinstalled on another one. 
In this case the protection against exchange of the public 
key of the manufacturer or distributor is not necessary 
any more. Hence, it can be sufficient to check only once 
the public key to ensure the origin of the public key from 
20 an authorized source. Only the decrypted certificate and 
the license key have to be stored which saves the 
execution of one decrypting process. The complete software 
protection is to be preferred, since the same decryption 
methods and algorithms are often used and the 
25 implementation of the complete staggered decryption 
process does not extend the software program to much. 
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Fig. 3 shows a possible arrangement of two computers 
301 each equipped with a Bluetooth™ network interface 303 
as an example of a hardware arrangement . The both 
Bluetooth™ network interfaces 3 03 each comprise a unique 
5 hardware identification address. Both identification 
addresses can be read out by both software installed on 
one of the both computers 301 since Bluetooth™ network 
interfaces 303 are accessible from each other and all 
network interface cards have to comprise a unique hardware 
10 identification address to recognize them worldwide. 
Software applying the protection method according to the 
present invention can be installed on one of the two 
computers and checking if at least two Bluetooth™ network 
interfaces 303 comprising certain hardware identification 
15 address are accessible. It is even possible to co-code 
additional license conditions. For example, it could be 
coded that one of the Bluetooth™ network interface 3 03 has 
to be connected electrically to the computer which 
executes the software and the other network interface 303 
20 is accessed via radio frequency transmission 3 05. 
Obviously, the number of verified hardware devices 
comprising unique hardware identification addresses can 
vary according to the license conditions. 

Fig. 4 shows a possible arrangement of a mobile 
25 terminal 401 and a mobile phone 403 each equipped with a 
Bluetooth™ network interface 303, 405 as a further example 
of a hardware arrangement. This arrangement is similar to 



the arrangement shown in Fig. 3. A mobile phone 403 is 
used for linking a mobile terminal 4 01 to an access server 
to the internet. The data communication between mobile 
phone 403 and mobile terminal 401 is performed using 
5 Bluetooth™ network interfaces 303, 405. A special software 
is implemented on the mobile terminal 401 which use is 
only authorized in combination with a mobile phone 403 of 
a certain manufacturer. The manufacturer of the Bluetooth™ 
network interface 4 05 plugged on the mobile phone 4 03 

10 distributes the necessary communication software which 
shall only be usable if this certain Bluetooth™ network 
interface 405 is connected. The software executed on the 
mobile terminal is protected against unauthorized use 
applying the method according to the present invention. 

15 The license key contains the Bluetooth™ hardware address 
of the Bluetooth™ network interface 4 05. The corresponding 
Bluetooth™ network interface 3 03 connected to the mobile 
terminal 4 01 is not involved in the verification process 
so that a Bluetooth™ network interface of any manufacturer 

20 can be used. 

Fig. 5 shows a further embodiment involving a 
controller unit like a mobile phone 4 03 or a personal 
computer 3 01 both equipped with a Bluetooth™ network 
interface 3 03 to control a home electronic device 501 like 

25 digital versatile disk player (DVD) , video recorder (VCR) , 
digital video recorder (DVCR) . Rising numbers of features 
included in home electronic devices requires just operable 
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user interfaces. Particularly, video processing devices 
comprising multiple features are suitable to be equipped 
with interface devices for remote controlling by another 
terminal device, e.g. personal computer, mobile phone or 
5 the similar devices able to execute controlling software. 
A Bluetooth™ network interface can be implemented as 
preferred interface device. Related controlling software 
executed on the controlling devices has to be protected 
and shall only be usable in combination with the home 

10 electronic device of the certain manufacturer but 
executable on controlling devices of several manufacturer. 
Therefore, the method of the present invention is suitable 
to prevent unauthorized use of the software for 
controlling unauthorized devices of a competitor which 

15 implement the same controlling interface. 

The forgoing description of the preferred embodiment 
of the invention has been presented for the purpose of 
illustration and description. It is not intended to be 
exhaustive or to limit the invention to the precise form 

20 disclosed. Many modifications and variations are possible 
in light of the above teaching. It is intended that the 
scope of the invention be limited not by this detailed 
description, but rather by the claims appended hereto. 

The method and apparatus to prevent unauthorized 

25 software use applies a unique hardware identification 
sequence of hardware devices accessed by the software . The 
identification sequence is compared with coded sequences 
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in a special license key comprising hardware 
identification sequences. To protect the contained 
hardware identification sequences against unauthorized 
manipulation the sequences can be encrypted using 
5 different encryption methods according to the desired 
degree of protection. Accordingly, software which use is 
bonded to certain hardware devices can be protected 
effectively and reasonably by employing the method of the 
present invention. 
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